VIRY.CZ

Dobry den,
potreboval jsem upravit jeden mp3 soubor a stahnul jsem si na to "Free MP3 Cutter and Editor" coz jsem nemel delat.
- Nainstalovali se mne tam nejaky Reg Clean a nejayk Care system
- Zmenila se mne domovsky stranka na:
"www.mystartsearch.com/newtab/?type=nt&t ... 0427404274"
- antivir hlasi "Adresa byla Zablokovana ..."

Podarilo se me Reg Clean a Care system klasicky odinstalovat (Pridat/odebrat programy). Ale dom. stranka nejde zmenit.

Muzete mne prosim pomoci system vycistit od haveti?

Zde je log z "FRST":
================================
================================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015 01
Ran by radek (administrator) on TECHNOLOGIE (11-09-2015 10:56:47)
Running from C:\Documents and Settings\radek\Plocha
Loaded Profiles: radek (Available Profiles: radek)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(ScanSoft, Inc.) C:\Program Files\Canon\OmniPageSE2.0\opwareSE2.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OpwareSE2] => C:\Program Files\Canon\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [1106297 2006-04-07] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1827640 2006-04-07] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [126976 2006-04-07] (Acronis)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16270848 2006-11-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-11-02] (ATI Technologies Inc.)
HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [OEXPRESS] => C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE [26624 2007-12-13] ()
HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [WinGet.exe] => C:\Program Files\Indentix\WinGet\WinGet.exe [1937408 2007-07-25] (Indentix, Inc.)
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2012-09-08]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\radek\Nabídka Start\Programy\Po spuštění\Neutron.lnk [2013-08-15]
ShortcutTarget: Neutron.lnk -> C:\Program Files\Neutron\Neutron.exe (http://keir.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.143.126.9 10.143.128.1
Tcpip\..\Interfaces\{9780503D-25E8-4A07-AAE7-444E4239A8EE}: [DhcpNameServer] 10.143.126.9 10.143.128.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\Documents and Settings\radek\Data aplikací\LangSoft\WebIE.dll [2007-12-13] ()
BHO: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\radek\Data aplikací\LangSoft\WebIE.dll [2007-12-13] ()
Toolbar: HKLM - No Name - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No File
Toolbar: HKU\S-1-5-21-1060284298-746137067-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347099610278
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=14419 ... 0427404274

FireFox:
========
FF ProfilePath: C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&t ... 0427404274
FF SelectedSearchEngine: mystartsearch
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-17] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-09-11]
FF Extension: Magnify It - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\magit@magit.com [2015-09-11]
FF Extension: Flash and Video Download - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-08-26]
FF Extension: ODF Viewer - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\uriloader@webodf.js.xpi [2014-01-15]
FF Extension: Web2PDF converter - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2014-01-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-08]
FF Extension: No Name - C:\Documents and Settings\radek\Data aplikacĂ­\Mozilla\Firefox\Profiles\aoh2g658.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [not found]
FF Extension: No Name - C:\Documents and Settings\radek\Data aplikacĂ­\Mozilla\Firefox\Profiles\aoh2g658.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [not found]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.mystartsearch.com/?type=sc&ts=14419 ... 0427404274

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [204800 2006-04-07] (Acronis) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-11-01] () [File not signed]
S3 EHttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\ehttpsrv.exe [33992 2015-02-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1566424 2015-02-16] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET NOD32 Antivirus\eshasrv.exe [165064 2015-02-16] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtcL001; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [35840 2006-10-31] (Attansic Technology corporation.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [188832 2015-02-02] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135760 2015-02-02] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118256 2015-02-02] (ESET)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 s0016mgmt; C:\WINDOWS\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\WINDOWS\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\WINDOWS\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\WINDOWS\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 SE31bus; C:\WINDOWS\System32\DRIVERS\SE31bus.sys [61600 2006-05-01] (MCCI) [File not signed]
S3 SE31mdfl; C:\WINDOWS\System32\DRIVERS\SE31mdfl.sys [9360 2006-05-01] (MCCI) [File not signed]
S3 SE31mdm; C:\WINDOWS\System32\DRIVERS\SE31mdm.sys [97184 2006-05-01] (MCCI) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2007-12-13] (Acronis) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2007-12-13] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2007-12-13] (Acronis) [File not signed]
S0 FNETHYRAMKFTS; System32\drivers\FNETHYRAMKFTS.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 10:56 - 2015-09-11 10:57 - 00012764 _____ C:\Documents and Settings\radek\Plocha\FRST.txt
2015-09-11 10:56 - 2015-09-11 10:56 - 00000000 ____D C:\FRST
2015-09-11 10:46 - 2015-09-11 10:49 - 01692672 _____ (Farbar) C:\Documents and Settings\radek\Plocha\FRST.exe
2015-09-11 10:35 - 2015-09-11 10:42 - 00006952 _____ C:\Documents and Settings\radek\Plocha\pokus1.bmp
2015-09-11 10:20 - 2015-09-11 10:23 - 00000000 ____D C:\Documents and Settings\radek\Data aplikací\systweak
2015-09-11 10:20 - 2015-07-02 14:14 - 00018200 _____ () C:\WINDOWS\system32\roboot.exe
2015-09-11 10:13 - 2015-09-11 10:13 - 00000000 ____D C:\Documents and Settings\radek\Data aplikací\mystartsearch
2015-09-11 10:11 - 2015-09-11 10:11 - 00000000 ____D C:\Program Files\MuseTips
2015-09-11 08:16 - 2015-09-11 08:20 - 00000000 ____D C:\Program Files\cdrLabel 7.1
2015-09-11 08:16 - 2015-09-11 08:16 - 00000000 ____D C:\Documents and Settings\radek\Nabídka Start\Programy\cdrLabel 7.1
2015-09-09 09:12 - 2015-09-10 06:55 - 00000000 ____D C:\Documents and Settings\radek\Plocha\6000011365
2015-09-09 09:10 - 2015-09-10 12:08 - 00000000 ____D C:\Documents and Settings\radek\Plocha\6000011361
2015-09-08 14:46 - 2015-09-08 14:46 - 00009266 _____ C:\Documents and Settings\radek\Plocha\retizek.odt
2015-09-08 09:58 - 2015-09-08 09:58 - 00000000 ____D C:\Program Files\Recuva
2015-09-08 09:58 - 2015-09-08 09:58 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Recuva
2015-08-28 10:00 - 2015-08-28 10:01 - 00000000 ____D C:\Documents and Settings\radek\Plocha\audiograbber_1_83_cz
2015-08-27 12:27 - 2015-08-27 12:27 - 00000000 ____D C:\WINDOWS\AppCompat
2015-08-26 15:08 - 2015-08-26 15:08 - 00000477 _____ C:\Documents and Settings\radek\Plocha\Zástupce - DRAFT_SIGHT.lnk
2015-08-21 07:05 - 2015-09-11 10:55 - 00015903 _____ C:\WINDOWS\wmsetup.log
2015-08-21 07:04 - 2015-08-21 07:04 - 00124520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-18 14:46 - 2015-08-18 14:46 - 00000710 _____ C:\Documents and Settings\All Users\Plocha\X-Lite.lnk
2015-08-18 14:46 - 2015-08-18 14:46 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\CounterPath X-Lite
2015-08-18 14:45 - 2015-08-18 14:46 - 00000000 ____D C:\Program Files\X-Lite
2015-08-17 11:52 - 2015-08-17 11:52 - 00000000 ____D C:\Documents and Settings\radek\Nabídka Start\Programy\Indentix
2015-08-17 11:42 - 2015-08-17 11:42 - 00000000 ____D C:\Program Files\Indentix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 10:56 - 2007-12-12 14:28 - 00000000 ____D C:\Documents and Settings\radek\Plocha
2015-09-11 10:55 - 2007-12-12 15:05 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-11 10:55 - 2007-12-12 14:22 - 01829968 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-11 10:55 - 2007-08-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-11 10:54 - 2007-12-12 15:05 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-11 10:54 - 2007-12-12 14:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-11 10:53 - 2007-12-12 14:28 - 00000178 ___SH C:\Documents and Settings\radek\ntuser.ini
2015-09-11 10:53 - 2007-12-12 14:25 - 00032576 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-11 10:52 - 2010-08-03 07:03 - 00008716 _____ C:\Documents and Settings\radek\Plocha\Impulsovi.txt
2015-09-11 10:23 - 2007-12-12 15:02 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-09-11 10:23 - 2007-12-12 15:02 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-09-11 10:22 - 2007-12-12 15:02 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-09-11 10:20 - 2007-12-12 14:28 - 00000000 __RHD C:\Documents and Settings\radek\Data aplikací
2015-09-11 10:13 - 2014-01-15 14:25 - 00001042 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2015-09-11 09:45 - 2007-12-13 08:03 - 00000318 _____ C:\WINDOWS\hpbafd.ini
2015-09-11 08:16 - 2007-12-12 14:28 - 00000000 ___RD C:\Documents and Settings\radek\Nabídka Start\Programy
2015-09-10 12:42 - 2012-11-30 15:49 - 00000000 ____D C:\Documents and Settings\radek\Data aplikací\vlc
2015-09-10 08:18 - 2007-12-12 14:28 - 00000000 ____D C:\Documents and Settings\radek
2015-09-10 07:52 - 2012-09-09 11:18 - 00000000 _____ C:\WINDOWS\XXLGSC
2015-09-10 06:48 - 2013-08-14 08:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 10:18 - 2007-12-12 14:28 - 00000000 ___RD C:\Documents and Settings\radek\Dokumenty
2015-09-04 12:19 - 2007-12-12 14:28 - 00000000 ___HD C:\Documents and Settings\radek\Okolní síť
2015-08-26 18:36 - 2007-12-13 07:26 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-21 11:36 - 2011-09-19 11:13 - 00036363 _____ C:\WINDOWS\CSTBox.INI
2015-08-17 11:56 - 2007-08-02 14:00 - 00000435 _____ C:\WINDOWS\system.ini
2015-08-17 06:45 - 2012-09-08 17:24 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-17 06:45 - 2012-09-08 17:24 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-14 08:25 - 2015-08-11 12:14 - 00000000 ____D C:\Documents and Settings\radek\Plocha\6000011172

==================== Files in the root of some directories =======

2014-04-30 04:03 - 2014-04-30 04:03 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2015-05-14 11:03 - 2015-05-19 12:24 - 0159200 ____T () C:\Documents and Settings\radek\Data aplikací\CrashRpt1402.dll
2013-06-24 13:36 - 2013-10-03 08:02 - 0005120 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-06 20:22 - 2015-05-06 20:22 - 0029696 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\MSGBOX.EXE
2007-12-13 13:25 - 2013-05-21 09:10 - 0000600 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\PUTTY.RND

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
================================
================================

Prilohou prikladam zabaleny "Addition.txt"

Zdravim

Jedna se o domaci nebo nejaky pracovni\firemni PC??

Dobry den,
PC je napul firemni/soukrome. Mam na zivnost malou dilnu, kde PC mam. Behem dne jej pouzivam jak na firemni, tak bezne soukrome veci (facebook, ICQ portable, ruzna fora, ...). Pokud PC nepude opravit, tak ho budu muset sam preinstalovat .
Mejte se.

Odinstalujte vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner[C?].txt, ten sem vlozte

-odinstalovyl jsem vse od IOBit
-restart
-dle pokynu pouzil "AdwCleaner"
-zde je vysledny log "AdwCleaner[C1].txt"

===========================================================================

# AdwCleaner v5.007 - Logfile created 14/09/2015 at 07:47:59
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : radek - TECHNOLOGIE
# Running from : C:\Documents and Settings\radek\Plocha\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\radek\Data aplikací\Systweak
[-] Folder Deleted : C:\Documents and Settings\radek\Data aplikací\mystartsearch
[-] Folder Deleted : C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\magit@magit.com
[-] Folder Deleted : C:\Documents and Settings\radek\Local Settings\Data aplikací\Systweak

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\mystartsearch.xml
[-] File Deleted : C:\WINDOWS\system32\roboot.exe

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\radek\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\ZoomWebLists
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command []

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://www.mystartsearch.com/newtab/?type=nt&t ... 0427404274");
[-] [C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "mystartsearch");

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2491 bytes] ##########
===========================================================================

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

-log ze "Zoek"

===========================================================================

Zoek.exe v5.0.0.0 Updated 13-09-2015
Tool run by radek on po 14.09.2015 at 8:32:38,43.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\radek\Plocha\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14.9.2015 8:35:00 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\Common Files\SWF Studio deleted successfully
C:\DOCUME~1\radek\NABDKA~1\Programy\Notepad++ deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\LangSoft deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ED0E8CA5-42FB-4B18-997B-769E0408E79D} deleted successfully
HKEY_USERS\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{724d43a9-0d85-11d4-9908-00400523e39a} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ED0E8CA5-42FB-4B18-997B-769E0408E79D} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\WindowsUpdate deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\DivX deleted
C:\Documents and Settings\radek\.android deleted
C:\Documents and Settings\radek\TempWmicBatchFile.bat deleted
C:\WINDOWS\system32\GroupPolicy\Adm deleted
C:\WINDOWS\system32\GroupPolicy\User deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [08.09.2012 19:37]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\radek\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=12 folders=6 4825604 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\radek\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted

==== EOF on po 14.09.2015 at 8:43:03,68 ======================
===========================================================================

Poprosim o novy log z FRST

- log z FRST a prilohou "Addition.zip"

===========================================================================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-09-2015 02
Ran by radek (administrator) on TECHNOLOGIE (14-09-2015 08:50:21)
Running from C:\Documents and Settings\radek\Plocha
Loaded Profiles: radek (Available Profiles: radek)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ScanSoft, Inc.) C:\Program Files\Canon\OmniPageSE2.0\opwareSE2.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OpwareSE2] => C:\Program Files\Canon\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [1106297 2006-04-07] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1827640 2006-04-07] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [126976 2006-04-07] (Acronis)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16270848 2006-11-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-11-02] (ATI Technologies Inc.)
HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [OEXPRESS] => C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE [26624 2007-12-13] ()
HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [WinGet.exe] => C:\Program Files\Indentix\WinGet\WinGet.exe [1937408 2007-07-25] (Indentix, Inc.)
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2012-09-08]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\radek\Nabídka Start\Programy\Po spuštění\Neutron.lnk [2013-08-15]
ShortcutTarget: Neutron.lnk -> C:\Program Files\Neutron\Neutron.exe (http://keir.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.143.126.9 10.143.128.1
Tcpip\..\Interfaces\{9780503D-25E8-4A07-AAE7-444E4239A8EE}: [DhcpNameServer] 10.143.126.9 10.143.128.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1060284298-746137067-839522115-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\Documents and Settings\radek\Data aplikací\LangSoft\WebIE.dll [2007-12-13] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\radek\Data aplikací\LangSoft\WebIE.dll [2007-12-13] ()
Toolbar: HKU\S-1-5-21-1060284298-746137067-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347099610278

FireFox:
========
FF ProfilePath: C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-17] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-08-26]
FF Extension: ODF Viewer - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\uriloader@webodf.js.xpi [2014-01-15]
FF Extension: Web2PDF converter - C:\Documents and Settings\radek\Data aplikací\Mozilla\Firefox\Profiles\aoh2g658.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2014-01-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-08]
FF Extension: No Name - C:\Documents and Settings\radek\Data aplikacĂ­\Mozilla\Firefox\Profiles\aoh2g658.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [not found]
FF Extension: No Name - C:\Documents and Settings\radek\Data aplikacĂ­\Mozilla\Firefox\Profiles\aoh2g658.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [not found]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [204800 2006-04-07] (Acronis) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-11-01] () [File not signed]
S3 EHttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\ehttpsrv.exe [33992 2015-02-16] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1566424 2015-02-16] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET NOD32 Antivirus\eshasrv.exe [165064 2015-02-16] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtcL001; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [35840 2006-10-31] (Attansic Technology corporation.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [188832 2015-02-02] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135760 2015-02-02] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118256 2015-02-02] (ESET)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 s0016mgmt; C:\WINDOWS\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\WINDOWS\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\WINDOWS\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\WINDOWS\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 SE31bus; C:\WINDOWS\System32\DRIVERS\SE31bus.sys [61600 2006-05-01] (MCCI) [File not signed]
S3 SE31mdfl; C:\WINDOWS\System32\DRIVERS\SE31mdfl.sys [9360 2006-05-01] (MCCI) [File not signed]
S3 SE31mdm; C:\WINDOWS\System32\DRIVERS\SE31mdm.sys [97184 2006-05-01] (MCCI) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2007-12-13] (Acronis) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [32224 2007-12-13] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [387520 2007-12-13] (Acronis) [File not signed]
S0 FNETHYRAMKFTS; System32\drivers\FNETHYRAMKFTS.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-14 08:50 - 2015-09-14 08:50 - 00011583 _____ C:\Documents and Settings\radek\Plocha\FRST.txt
2015-09-14 08:50 - 2015-09-14 08:50 - 00000000 ____D C:\Documents and Settings\radek\Plocha\FRST-OlderVersion
2015-09-14 08:41 - 2015-09-14 08:32 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-14 08:34 - 2015-09-14 08:43 - 00005596 _____ C:\zoek-results.log
2015-09-14 08:32 - 2015-09-14 08:39 - 00000000 ____D C:\zoek_backup
2015-09-14 08:21 - 2015-09-14 08:21 - 04180806 _____ C:\Documents and Settings\radek\Plocha\zoek.zip
2015-09-14 08:21 - 2015-09-14 08:21 - 00000000 ____D C:\Documents and Settings\radek\Plocha\zoek
2015-09-14 07:46 - 2015-09-14 07:47 - 00000000 ____D C:\AdwCleaner
2015-09-14 07:40 - 2015-09-14 07:40 - 01660416 _____ C:\Documents and Settings\radek\Plocha\adwcleaner_5.007.exe
2015-09-14 07:39 - 2015-09-14 07:39 - 00130054 _____ C:\WINDOWS\DPINST.LOG
2015-09-14 07:38 - 2015-09-14 07:38 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2015-09-11 10:56 - 2015-09-14 08:50 - 00000000 ____D C:\FRST
2015-09-11 10:46 - 2015-09-14 08:50 - 01694208 _____ (Farbar) C:\Documents and Settings\radek\Plocha\FRST.exe
2015-09-11 08:16 - 2015-09-11 08:20 - 00000000 ____D C:\Program Files\cdrLabel 7.1
2015-09-11 08:16 - 2015-09-11 08:16 - 00000000 ____D C:\Documents and Settings\radek\Nabídka Start\Programy\cdrLabel 7.1
2015-09-09 09:12 - 2015-09-10 06:55 - 00000000 ____D C:\Documents and Settings\radek\Plocha\6000011365
2015-09-09 09:10 - 2015-09-10 12:08 - 00000000 ____D C:\Documents and Settings\radek\Plocha\6000011361
2015-09-08 14:46 - 2015-09-08 14:46 - 00009266 _____ C:\Documents and Settings\radek\Plocha\retizek.odt
2015-09-08 09:58 - 2015-09-08 09:58 - 00000000 ____D C:\Program Files\Recuva
2015-09-08 09:58 - 2015-09-08 09:58 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Recuva
2015-08-28 10:00 - 2015-08-28 10:01 - 00000000 ____D C:\Documents and Settings\radek\Plocha\audiograbber_1_83_cz
2015-08-27 12:27 - 2015-08-27 12:27 - 00000000 ____D C:\WINDOWS\AppCompat
2015-08-26 15:08 - 2015-08-26 15:08 - 00000477 _____ C:\Documents and Settings\radek\Plocha\Zástupce - DRAFT_SIGHT.lnk
2015-08-21 07:05 - 2015-09-14 08:43 - 00017442 _____ C:\WINDOWS\wmsetup.log
2015-08-21 07:04 - 2015-08-21 07:04 - 00124520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-18 14:46 - 2015-08-18 14:46 - 00000710 _____ C:\Documents and Settings\All Users\Plocha\X-Lite.lnk
2015-08-18 14:46 - 2015-08-18 14:46 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\CounterPath X-Lite
2015-08-18 14:45 - 2015-08-18 14:46 - 00000000 ____D C:\Program Files\X-Lite
2015-08-17 11:52 - 2015-08-17 11:52 - 00000000 ____D C:\Documents and Settings\radek\Nabídka Start\Programy\Indentix
2015-08-17 11:42 - 2015-08-17 11:42 - 00000000 ____D C:\Program Files\Indentix

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-14 08:50 - 2007-12-12 14:28 - 00000000 ____D C:\Documents and Settings\radek\Plocha
2015-09-14 08:44 - 2007-12-12 14:22 - 01898458 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-14 08:43 - 2007-12-12 15:05 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-14 08:42 - 2007-12-12 15:05 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-14 08:42 - 2007-12-12 14:25 - 00032576 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-14 08:42 - 2007-12-12 14:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-14 08:42 - 2007-08-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-14 08:41 - 2007-12-12 14:28 - 00000178 ___SH C:\Documents and Settings\radek\ntuser.ini
2015-09-14 08:39 - 2012-09-08 16:39 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-09-14 08:39 - 2007-12-12 15:02 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-09-14 08:39 - 2007-12-12 14:28 - 00000000 ____D C:\Documents and Settings\radek
2015-09-14 08:35 - 2007-12-12 14:28 - 00000000 ___RD C:\Documents and Settings\radek\Nabídka Start\Programy
2015-09-14 08:32 - 2010-08-03 07:03 - 00009146 _____ C:\Documents and Settings\radek\Plocha\Impulsovi.txt
2015-09-14 08:32 - 2007-12-12 14:20 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-09-14 08:29 - 2007-12-13 08:03 - 00000562 _____ C:\WINDOWS\hpbafd.ini
2015-09-14 08:27 - 2007-12-12 14:28 - 00000000 __RHD C:\Documents and Settings\radek\Data aplikací
2015-09-14 07:48 - 2014-01-15 14:25 - 00000736 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2015-09-14 07:48 - 2007-12-12 15:02 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-09-11 10:23 - 2007-12-12 15:02 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-09-10 12:42 - 2012-11-30 15:49 - 00000000 ____D C:\Documents and Settings\radek\Data aplikací\vlc
2015-09-10 07:52 - 2012-09-09 11:18 - 00000000 _____ C:\WINDOWS\XXLGSC
2015-09-10 06:48 - 2013-08-14 08:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 10:18 - 2007-12-12 14:28 - 00000000 ___RD C:\Documents and Settings\radek\Dokumenty
2015-09-04 12:19 - 2007-12-12 14:28 - 00000000 ___HD C:\Documents and Settings\radek\Okolní síť
2015-08-26 18:36 - 2007-12-13 07:26 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-21 11:36 - 2011-09-19 11:13 - 00036363 _____ C:\WINDOWS\CSTBox.INI
2015-08-17 11:56 - 2007-08-02 14:00 - 00000435 _____ C:\WINDOWS\system.ini
2015-08-17 06:45 - 2012-09-08 17:24 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-17 06:45 - 2012-09-08 17:24 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-04-30 04:03 - 2014-04-30 04:03 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2015-05-14 11:03 - 2015-05-19 12:24 - 0159200 ____T () C:\Documents and Settings\radek\Data aplikací\CrashRpt1402.dll
2013-06-24 13:36 - 2013-10-03 08:02 - 0005120 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-06 20:22 - 2015-05-06 20:22 - 0029696 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\MSGBOX.EXE
2007-12-13 13:25 - 2013-05-21 09:10 - 0000600 _____ () C:\Documents and Settings\radek\Local Settings\Data aplikací\PUTTY.RND

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
===========================================================================

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
  HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
  HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2008-04-14] (Microsoft Corporation)
  HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [OEXPRESS] => C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE [26624 2007-12-13] ()
  HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [WinGet.exe] => C:\Program Files\Indentix\WinGet\WinGet.exe [1937408 2007-07-25] (Indentix, Inc.)
  
  HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
  HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
  HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
  HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
  HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
  
  2015-09-14 08:50 - 2015-09-14 08:50 - 00011583 _____ C:\Documents and Settings\radek\Plocha\FRST.txt
  2015-09-14 08:50 - 2015-09-14 08:50 - 00000000 ____D C:\Documents and Settings\radek\Plocha\FRST-OlderVersion
  2015-09-14 08:41 - 2015-09-14 08:32 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
  2015-09-14 08:34 - 2015-09-14 08:43 - 00005596 _____ C:\zoek-results.log
  2015-09-14 08:32 - 2015-09-14 08:39 - 00000000 ____D C:\zoek_backup
  2015-09-14 08:21 - 2015-09-14 08:21 - 04180806 _____ C:\Documents and Settings\radek\Plocha\zoek.zip
  2015-09-14 08:21 - 2015-09-14 08:21 - 00000000 ____D C:\Documents and Settings\radek\Plocha\zoek
  2015-09-14 07:46 - 2015-09-14 07:47 - 00000000 ____D C:\AdwCleaner
  2015-09-14 07:40 - 2015-09-14 07:40 - 01660416 _____ C:\Documents and Settings\radek\Plocha\adwcleaner_5.007.exe
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

- log po pouziti fixlistu z FRST

===========================================================================
Fix result of Farbar Recovery Scan Tool (x86) Version:13-09-2015 02
Ran by radek (2015-09-14 09:12:07) Run:1
Running from C:\Documents and Settings\radek\Plocha
Loaded Profiles: radek (Available Profiles: radek)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [MP10_EnsureFileVer] => C:\WINDOWS\inf\unregmp2.exe [208896 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [OEXPRESS] => C:\Documents and Settings\radek\Data aplikací\LangSoft\OETRN.EXE [26624 2007-12-13] ()
HKU\S-1-5-21-1060284298-746137067-839522115-1003\...\Run: [WinGet.exe] => C:\Program Files\Indentix\WinGet\WinGet.exe [1937408 2007-07-25] (Indentix, Inc.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION

2015-09-14 08:50 - 2015-09-14 08:50 - 00011583 _____ C:\Documents and Settings\radek\Plocha\FRST.txt
2015-09-14 08:50 - 2015-09-14 08:50 - 00000000 ____D C:\Documents and Settings\radek\Plocha\FRST-OlderVersion
2015-09-14 08:41 - 2015-09-14 08:32 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-14 08:34 - 2015-09-14 08:43 - 00005596 _____ C:\zoek-results.log
2015-09-14 08:32 - 2015-09-14 08:39 - 00000000 ____D C:\zoek_backup
2015-09-14 08:21 - 2015-09-14 08:21 - 04180806 _____ C:\Documents and Settings\radek\Plocha\zoek.zip
2015-09-14 08:21 - 2015-09-14 08:21 - 00000000 ____D C:\Documents and Settings\radek\Plocha\zoek
2015-09-14 07:46 - 2015-09-14 07:47 - 00000000 ____D C:\AdwCleaner
2015-09-14 07:40 - 2015-09-14 07:40 - 01660416 _____ C:\Documents and Settings\radek\Plocha\adwcleaner_5.007.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MP10_EnsureFileVer => value removed successfully.
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\OEXPRESS => value removed successfully.
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\WinGet.exe => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1060284298-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
C:\Documents and Settings\radek\Plocha\FRST.txt => moved successfully
C:\Documents and Settings\radek\Plocha\FRST-OlderVersion => moved successfully
C:\WINDOWS\zoek-delete.exe => moved successfully
C:\zoek-results.log => moved successfully
C:\zoek_backup => moved successfully
C:\Documents and Settings\radek\Plocha\zoek.zip => moved successfully
C:\Documents and Settings\radek\Plocha\zoek => moved successfully
C:\AdwCleaner => moved successfully
C:\Documents and Settings\radek\Plocha\adwcleaner_5.007.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 355.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:14:10 ====
===========================================================================

Dobry den, je treba jeste nejak cistit?

Tak jeste uklidime

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Dobry den, provedl jsme mosledni cisteni dle pokynu pres DelFix a Ccleaner. PC se jiz chova v poradku.
Dekuji za pomoc.
At se Vam dari

Nemate zac, rad jsem pomohl Zase nekdy


A na zaklade Pravidla o zamykani temat